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NetWare News Server Administration Guide 


This manual is written for network administrators who want to add news 
servers to their networks. Before you configure NetWare® News Server, refer 
to Chapter 2, “Planning your News Server,” on page 13. 


Because the News Server is scalable, the recommended use of memory and 
hard drive space varies according to your needs. 


+ A minimum 128 MB RAM is recommended. 1 GB RAM is 
recommended if you’re using a full UseNet feed (20,000 plus 
newsgroups). 

+ A minimum 200 MB space on the volume you’ re installing on is 


recommended. 20 GB hard drive space is recommended if you’re using a 
full UseNet feed (20,000 plus newsgroups). 
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Overview 


NetWare® News Server makes intranet and Internet collaboration a reality by 
bringing the full power of open standards technology to focused discussion 
groups. By using the News Server for discussion groups, the people in your 
company can easily share information both within the company and across the 
Internet. 


Features of the News Server 


NetWare News Server provides the following features for enterprise-sized 
discussion groups: 


+ 


+ 


+ 


+ 


+ 


+ 


Support for standard protocols 

Easy creation and management of discussion groups 
Full-text search across multiple discussion groups 
Access control at both server and discussion group levels 
Security using SSL and client certificates 


Discussion group replication 


Support for Standard Protocols 


The NetWare News Server supports the following protocols: 


+ 


Network News Transport Protocol (NNTP) for supporting discussion 
over TCP/IP networks 


Lightweight Directory Access Protocol (LDAP) for connection to LDAP 
servers 


Secure Socket Layer for authentication and encryption 


Overview 9 


+ Simple Network Management Protocol (SNMP) for remotely monitoring 
and managing IP devices across a network 


Easy Creation and Management of Discussion Groups 


You can easily create and manage discussion groups with the Discussion 
Group Manager. You can delegate discussion group management tasks to 
users if you grant them the appropriate permissions. 


Searching across Multiple Discussion Groups 


You can specify full-text indexing of discussion groups for searching 
purposes. Users can specify search profiles to more easily monitor and track 
discussions across multiple discussion groups. 


Access Control at Both Server and Discussion Group Levels 


You can create private or public discussion groups. You can specify access 
control on your entire server, on your entire server and certain discussion 
groups on your server, or only on certain discussion groups on your server. 


Security Using SSL and User Certificates 


NetWare News Server uses SSL and user certificates to provide authentication 
and encryption when communicating with other SSL-enabled products. 


Discussion Group Replication 


Discussion group replication is the way two or more news servers exchange 
articles and share information. Servers can accept discussion groups, send 
discussion groups, or both. 


Administering the News Server 


To administer the News Server: 
1 Ina browser, type https://serveripaddress:netwarewebmanager port 
The General Administration page appears. 


2 From the General Administration page, click the News Server server 
name button. 


3 Click the button that corresponds to what you want to administer. 
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The following illustration shows the General Administration page and News 
Server button. 


i NetWare Server Selector - Netscape 
File Edt View Go Communicator Help 


| ae 24 2 e 


Back Forward Reload Home Search Guide Fint Securly 





NetWare. Web Manager 


Contact Novell 


General Administration 


Admin Preferences Global Settings Users and Groups Cluster Management 


Servers Supporting General Administration 


NetWare Enterprise Web Server 


R 


Create New NetWare Enterprise Web Server 
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Novell Directory Service (NDS) 


NetWare Management Portal 





[Document Done 








Locating More Information 


To help you install, configure, and administer your NetWare News Server, see 
the following resources: 
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If You Want To 


Refer To 





Learn more about this product 


Find current technical support 
information on this product 
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The online documentation 


The Novell Technical Support 
Web site at http:// 
support.novell.com (http:// 
support.novell.com) 





Planning Your News Server 


Before you install your NetWare® News Server, you need to 
+ “Choose Your Directory Service” on page 13 
+ “Determine Access Control and Security Requirements” on page 13 
+ “Plan Discussion Groups” on page 14 


+ “Plan Your Replication Sites” on page 14 


For information on the NetWare News Server installation, refer to NetWare 
News Server in NetWare 5.1 Installation Guide. 


Choosing Your Directory Service 


Your directory service stores information about users and groups, discussion 
groups, and access control. Novell Directory Services® (NDS)™ is the default 
directory. You can change the default directory in the NetWare Web Manager 
> Global Settings > Configure Directory Service. 


Determining Access Control and Security 
Requirements 
To decide what type of access control and security you need, ask yourself the 
following questions: 
+ What type of information will be stored on the server? 
¢ How critical is the privacy of this information to my organization? 
+ Who does and does not require access to this information? 


+ Will some information be private and some information public? 
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+ Will some information be shared with people outside of my organization? 


Your answers to these questions determine your access control and security 
requirements. 


By default, access control is turned off. Any user can read and post to your 
server. Open or unrestricted access is common in intranet environments where 
users are known and trusted. If you require other access control, you must 
modify the access control settings. 


To determine what tasks you must perform to provide the appropriate level of 
access control for your server, refer to Chapter 5, “Controlling Access to Your 
Server,” on page 45. 


To determine what tasks you must perform to provide the appropriate level of 
access control for discussion groups, refer to Chapter 6, “Managing 
Discussion Groups,” on page 53. 


By default, security features are disabled. If you require security, you must 
modify the security settings. If your network communicates with networks 
outside of your organization, consider using authentication, encryption, and 
firewalls. For more information about security, refer to Chapter 8, “Securing 
the NetWare News Server,” on page 81. 


Planning Discussion Groups 


You must decide what discussion groups you want your News Server to 
provide to your users. You can create new discussion groups and receive 
discussion groups from other servers, including the Usenet newsgroups. For 
more information about creating and receiving discussion groups, refer to 
Chapter 6, “Managing Discussion Groups,” on page 53. 


Planning Your Replication Sites 


14 


Before you configure your server for discussion group replication, ask 
yourself the following questions: 


+ What discussion groups do I want the NetWare News Server to provide 
to my users? 


You will make this decision based on the content you want to provide and 
how much disk space you have available. 


+ What discussion groups do I want to replicate with other sites? 
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+ Are my replication sites internal to my organization, or will I also be 
replicating discussion groups with external sites? 


After you’ve decided what discussion groups you want to provide and what 
your replication sites will be, contact the administrators of the remote sites to 
set up replication. For more information on configuring your replication sites, 
refer to Chapter 7, “Managing Replication,” on page 69. 
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Setting Up Your Server 


This section describes the basic tasks you need to perform to set up the 
NetWare® News Server. 


Starting and Stopping the Server 
You can start or stop the News Server on the General Administration form and 
in the News Server interface. 


1 From the General Administration form, click On or Off on the switch to 
the left of the News Server server name button 


or 


From the News Server interface, click Server Preferences > Start/Stop the 
Server > Start or Stop. 


Specifying Search Options 


The News Server provides full-text search across multiple discussion groups. 
This feature lets users easily monitor and track discussions on a wide variety 
of topics. 


The News Server also provides a profiling feature that stores the results of a 
search in a virtual discussion group that is updated periodically. To users, the 
virtual discussion group looks like any other discussion group. To specify 
which discussion groups are indexed, refer to “Indexing Discussion Groups” 
on page 66. 


To enable or disable searching and profiling options: 


1 From the General Administration page, click the News Server server 
name button > Server Preferences > Search Options. 
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2 Enable or disable searching. 


If you disable searching, some news readers might still be able to search 
headers within a discussion group. 


3 Enable or disable profiling. 


You must enable profiling before users can store search results in virtual 
discussion groups. 


4 Click OK. 


Specifying Directory Service Information 


You specify the default directory in the Configure Directory Service form 
(from the NetWare Web Manager, click Global Preferences > Configure 
Directory Service). NDS™ is the default directory. 


The Directory Server Control Options form specifies the username and 
password used to connect LDAP or the local directory. If you are using NDS, 
this form is not applicable. 


To change the username and password that connects to the directory server: 


1 From the General Administration page, click the News Server server 
name button > Server Preferences > Directory Server Options. 


2 Type the user ID that identifies the News Server to LDAP or the local 
directory service. 


3 In the Password and Again fields, type the password associated with the 
user ID. 


4 Click OK. 


If you get an error when you click OK, the user ID and password you 
specified are probably incorrect. 


Controlling User Connections to Your Server 


You might want to control connections to the News Server if you will be 
performing maintenance tasks on your server. The following are examples of 
when you might choose to control connections for maintenance: 


+ To renumber the active file, you can specify read-only access (no posts, 
no feeds). 
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+ If you need to shut down the server for some reason, you can disable 
newsreader connections. Users already connected to the server are 
allowed to finish their tasks. 


¢ If you want to control your News Server’s content, you can prevent the 
server from replicating discussion groups with other servers. 


To specify the type of connections to control: 


1 From the General Administration page, click the News Server server 
name button > Server Preferences > Connection Control. 


2 Check Reject New Articles for This Reason if you do not want users and 
other servers to post articles to your server. 


Users can still connect to your server to read articles. 


3 In the Reject New Articles for This Reason field, type an explanation for 
the rejection. 


The text you type is sent to any user who attempts to connect to your 
server while the connections are disabled. 


4 Check Reject Reader Connection for This Reason if you do not want 
users to connect to the server. 


Servers can still connect to send articles. 


5 In the Reject Reader Connections for This Reason field, type an 
explanation for the rejection. 


The text you type is sent to any user who attempts to connect to your 
server while the connections are disabled. 


6 Click OK. 


Specifying SNMP Configuration 


Simple Network Management Protocol (SNMP) is used to remotely monitor 
and manage IP devices across a network. Enabling SNMP allows others to 
manage objects from any SNMP manager utility, such as ManageWise®. The 
SNMP agent for NNTP is NEWSSNMP.NLM, located in the SYS\SYSTEM 
directory. If you want your NetWare News Server to be visible on an SNMP 
network, you must specify SNMP configuration for your server. 
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To configure SNMP for your server: 


1 


9 


Copy the NNTP.MIB file to the directory that you want to use to view 
MIB files. 


The NNTP.MIB file is in NOVONYX\SUITESPOT\BIN\NEWS. 
Compile the NNTP.MIB file. 


From the General Administration page, click the News Server server 
name button > Server Preferences > SNMP Setup. 


Type a description for your server, for example, News Server. 
Type the name of your organization. 


Type the physical location of your machine, for example, the building 
address. 


Type the name of the person to contact about this server. 
Usually this is the server administrator. 


To make your server visible on the SNMP network, click SNMP 
Monitoring On. 


Take your server off the network by clicking SNMP Monitoring Off. 
Enabling SNMP allows others to manage objects from any SNMP 
manager utility screen. 


Click OK. 


Specifying Technical Settings 


The Technical Settings form for your server specifies information about 
background tasks, limits, organization name, port number, and spool directory 
location. 


When you install your server, most of the technical settings have default 
values. For example, the port number reflects the server port number you 
specified when you installed NetWare 5.1. The default port is 119. 


You might want to change the settings for various reasons. The following 
sections describe how to view and change technical settings for your server. 


Specifying Background Tasks 


The News Server automatically runs certain tasks, such as periodically 
expiring articles and sending discussion groups to other news servers. You can 
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specify when and how often the News Server should perform these 
background tasks. 


1 


2 


6 


Specifying Limits 


From the General Administration page, click the News Server server 
name button > Server Preferences > Technical Settings. 


Under Background Tasks, from the Send Outgoing News drop-down list, 
select how often you want your server to send discussion groups to the 
designated replication sites. 


Frequently sending outgoing news keeps your replication sites current but 
places greater load on your News Server. 


From the Update Indexes drop-down list, select how often batch files are 
processed. 


From the Update Profiles drop-down list, select how often search profiles 
are updated. 


Frequently updating profiles keeps the search profiles more current but 
places greater load on your news server. 


From the Perform Daily Tasks drop-down list, select when the server will 
run news.daily. 


You should choose a time when the server is least busy. 


Click OK. 


You might want to control connections to the News Server to speed up your 
server. The following are examples of when you might choose to control 
connections for performance reasons. 


+ 


+ 


Limiting newsreader timeout and number of connections can improve 
server performance and aid in preventing server overload because of 
excessive activity. 


Limiting article size can help to conserve disk space. 


To specify user connection and article size values: 


1 


2 


From the General Administration page, click the News Server server 
name button > Server Preferences > Technical Settings. 


Under Limits, in the Connection Timeout field, specify how long the 
News Server will wait for another request from a newsreader before 
closing the connection. 


Setting Up Your Server 21 


This option prevents idle newsreaders from consuming system resources. 


3 Specify the number of newsreaders that connect concurrently to your 
server. 


By limiting the number of newsreaders, you can improve server 
performance. If you set the maximum newsreader connections too high 
and your server isn’t configured to handle this many connections, server 
performance might be poor. 


4 Specify the maximum article size the news server will accept from a 
newsreader or another server. 


The value you specify depends on your business requirements. 


5 Click OK. 
Specifying an Organization Name 


When users post articles to your server, they generally have an organization 
header listed in their message header information. This header might be the 
name of the company they work for or the name of the school they attend. 


The organization header can be set as an option in the user’s newsreader. If 
someone posts an article that does not have an organization header to your 
server, you can specify that a default organization header be added. 


The following illustration shows the organization name in the header of an 
article. 


Subject: Documentation Suggestions 
Date: Wed, 20 Oct 1999 13:24:21 -0600 


From: Eric Taylor <etaylor@mycompany.com=>= 
Organization: Marketing 
Newsgroups: product.component.documentation 


Hi, 
Be sure to include install information in your Getting Started guide. 
Thanks, 


Eric 
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To specify a default organization header: 


1 From the General Administration page, click the News Server server 
name button > Server Preferences > Technical Settings. 


2 Under Organization Name, in the Organization field, type the default 
header. 


3 Click OK. 


Changing the Port Number 


You might want to change the port number to improve server security. Be 
aware that changing the server port number has implications for all clients, 
including other news servers attempting to connect to your server. If a client 
is unaware of the port number change, the client can no longer connect to your 
server. 


To change the port number: 


1 From the General Administration page, click the News Server server 
name button > Server Preferences > Technical Settings. 


2 Under Port Number, type the port number. 
3 Click OK. 


The server will check whether this port is in use by some other server to 
prevent re-use. 


Spool Directory Location 


The spool directory indicates the location where all of the articles on your 
server are kept. Articles are stored in subdirectories corresponding to their 
discussion group names. For example, you might find music, theater, and 
dance subdirectories. Under music you might find rock and classical 
directories. 


When you install the server, the spool directory is automatically created. You 
might want to point to another spool directory, or you might want to create a 
new spool directory. 


Changing the Spool Directory Location 


You can change the location of the spool directory without affecting the 
HISTORY file. (The HISTORY file contains a mapping of the message IDs 
to the filenames in the spool directory.) 
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Be sure the new spool directory has the correct ownership and permissions 
(read, write, and execute). Otherwise, you will have problems with your 
server. 


1 


2 


4 


5 


From the General Administration page, down the News Server by 
clicking Off. 


Copy the spool hierarchy to the new directory. 


From the General Administration page, click the News Server server 
name button > Server Preferences > Technical Settings. 


Under Spool Directory Location, in the Spool Directory field, type the 
new location. 


Click OK. 


Creating a New Spool Directory 


If you are copying the entire spool, you do not need to create new 
subdirectories. 


1 


3 


4 


Create the directory where you want to keep the spool. 


The new directory (and subdirectories) must have the same ownership 
and permissions as the original subdirectory. 


Create the following subdirectories: 
+ in.coming 

+ out.going 

+  over.view 

+  news.archive 


From the General Administration page, click the News Server server 
name button > Advanced Tasks > Recovery. 


Rebuild any full-text indexes. 


Specifying a Message of the Day 


You might want to leave a message such as status condition notes of your 
News Server for other administrators who help to maintain your server. The 
administrators will not receive the message of the day by e-mail. They must 
access the Message of the Day field through the News Server interface to view 
the message. 
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To specify a message of the day: 


1 From the General Administration page, click the News Server server 
name button > Server Preferences > Message of the Day. 


2 Type the message. 
3 Click OK. 


Informing Your Users 


After you have set up the News Server, you should inform your users how to 
use the News Server. For information on how to set up a news reader, refer to 
Accessing the NetWare News Server in User Solutions Guide. 
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Generating and Viewing Reports 


This section describes how you can create NetWare® News Server reports. 
You can create reports about the daily maintenance, general server activities 
and statistics, replication, and disk usage. 


Using the Daily Report 


Understanding the Daily Report 


The News Server uses the program news.daily to perform daily maintenance 
processes, some of which are reported in the daily report. For more 
information on news.daily, refer to “Running News.daily” on page 93. 


The daily report also includes information summaries of the server's 
performance and activities for the last day. The daily report shows you the 
following: 


+ 


+ 


+ 


L 


L 


The status of the server (running or stopped) and whether it's accepting 
new replication and reader connections 


The file system status, including how much disk space is being used 


The sizes of the following files: HISTORY, ACTIVE, Server Log, and 
the Discussion Replication Log 


Information about expiration policies and expiration status, including the 
number of article lines processed, articles retained, expired entries, 
unlinked files, old entries dropped, old entries retained 


Information about archival logs 


Information about server statistics, including statistics time summary; 
replication statistics; all articles posted to the server; and user 
connections, posts, and reads 
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The server statistics can also be seen in the Server Statistics report. 


Some information is color-coded (red, green, or yellow). For example, the file 
system capacity appears in green if you have a lot of disk space left; it appears 
in red if you are running out of disk space. 


The daily report is generated at the same time the daily tasks are run. You can 
specify that the daily report be sent automatically to your e-mail address in the 
Mail Notices to News Administrator form (from the News Server interface, 
click Reports > Mail Notices). 


Generating the Daily Report 


1 From the General Administration page, click the News Server server 
name button > Reports > View Daily Report. 


2 Select the daily report that you want to view. 


3 Click View Report. 


Using the Server Log 


Understanding the Server Log 


The server log contains information about most server activities, such as who 
connected to the server, what discussion groups were read, what articles were 
posted, and what problems occurred. 


Messages are numbered according to priority, with lower numbers 
representing higher-priority messages. The number can be found in the log 
entry after the last colon. Highest-priority messages, usually indicating an 
error condition that requires some action on your part, appear in red. For 
example, the entry [99/07/12 15:53.41] innd:indexer- 
special opened indexer-special:6:file indicates a level 6 
priority. 


A typical message you might see in the server log shows the message format: 


3 [96/06/19 04:00.58] innd:ME new client starting: "/news/ns- 
news-pb2/bin/news/bin/nnrpd -s -i 204.257.234.169" 


If you are having problems with your server, the server log is the first place 
you should look for information. The information you see depends on the log 
level specified: Debug, Fatal, Error, or Notice. Debug lists all messages. 
Notice lists a minimal number of messages. 
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The server log is archived each time the server’s daily maintenance routines 


are run. 


Processes that Log Messages 


The processes that frequently send messages to both the server and discussion 
replication logs are listed in the following table. 





Process 


Description 





innd 


nnrpd 


nntpsend 


innxmit 


indexer 


newstime 


ns-admin 





The main server process that 
handles all discussion group 
replications, listens to the 
specified news port, and 
responds to connections from 
newsreaders. 


The server process that spawns a 
thread for each newsreader it is 
handling. The nnrpd process is 
sometimes referred to as "reader 
process" or "reader processes" 
and is invoked by innd. 


The process that batches 
discussion group replications for 
transmittal by the innxmit 
process. 


The process that transmits 
articles to servers. The nntpsend 
process invokes this process. 


The process that indexes articles 
for full-text searching purposes. 


The process that schedules jobs, 
such as running news.daily, 
updating profiles, the nntpsend 
process, and so on. 


The administration server 
process. 
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Viewing the Server Log 


To determine the number of log cycles and the level of detail in the server 
replication log, refer to “Specifying Logging Preferences” on page 42. 


1 From the General Administration page, click the News Server server 
name button > Reports > View Server Log. 


2 Select the log you want to view. 
Type the number of entries you want to view. 


4 In the View Only Entries Containing field, type a search string if you 
want to find specific entries. 


For example, if you want to see information about errors, type Errors in 
the search field. 


5 Click View Log. 
Interpreting the Server Log 


The following section provides examples of server log messages and how to 
interpret them. 


Client Connection Information 


Client connection information provides a record of who has been accessing 
your server. These messages are informational only and do not indicate an 
error or problem. 


The following message indicates that the main process (innd) is starting a new 
reader and handing off the connection to a reader process (nnrpd). The 
connecting client has the IP address 204.257.234.169. 


3 [96/06/19 04:00.58] innd:ME new client starting:"/news/ns- 
news-pb2-bin/news/bin/nnrpd -s -i 204.257.234.169 


The next message indicates that the nnrpd process has accepted the handoff 
for the above connections. (Notice that the IP address is the same.) 
3 [96/06/19 4:00.59] nnrpd (5): Starting new reader, got 


socket: 22 and cmdline:"/news/ns-news-pb2/bin/news/bin/ 
nnrpd -s -i 204.257.234.169" from innd 


The next message indicates that the host TS368.DIALUP.PREM.NET has 
successfully connected. (This host has IP address 204.257.234.169, so it is the 
same host as in the previous two messages.) 
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3 [96/06/19 04:01.02] nnrpd(5) :ts369.dialup.prem.net connect 


Normal Client Session and Disconnects 


During a client session and when a client disconnects, the client process logs 
informational messages about the sessions. Some of this information is used 
by the daily report to generate statistics. 


The following message indicates that the connected client read three articles 
in the discussion group SUPPORT.NOVELL: 


3 [96/06/19 04:01.02] nnrpd(2) :245.dallas-3.tx.dial- 
access.att.net group support.novell 3 


The next message indicates that the client read a total of three articles in one 
discussion group during its session, then disconnected from the server: 


3 [96/06/19 04:01.02] nnrpd(2) :245.dallas-3.tx.dial- 
access.att.net exit articles 3 groups 1 


The next message indicates that the client was connected a total of 1662.313 
seconds, used 3.360 seconds of CPU time for user code, and 0.620 seconds for 
system code: 


3 [96/06/19 04:01.02] nnrpd(2) :245.dallas-3.tx.dial- 
access.att.net times user 3.360 system 0.620 elapsed 
1662.313 


Abnormal Client Disconnects 


Abnormal client disconnect messages indicate that a client is acting 
improperly. You can generally ignore these types of messages. 


The following message indicates that a client has attempted to connect to the 
news port, but was unable to do so: 


2 [96/06/19 04:00.58] innd:ME cant accept RCreader Protocol 
error 


You might see this message if a client that is not a newsreader attempts to 
connect to the news port. Because the server and the connecting program do 
not use the same protocol, they cannot communicate, so innd closes the 
connection. In most cases, you can ignore this message. 


The next message indicates the network connection has been closed due to a 
timeout: 


3 [96/06/19 04:01.02] nnrpd(2) :245.dallas-3.tx.dial- 
access.att.net timeout 
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Most news clients send a quit message when they are finished. However, some 
clients do not send quit messages. Normally, the server keeps the network 
connection open until it receives a quit message. However, if a certain amount 
of time has passed and the client has not sent anything to the server, the server 
closes the connection. This is called a timeout, which you can safely ignore. 


Incoming Discussion Groups 
Incoming discussion groups are articles sent to your server from other servers. 


The following example message indicates that the server NEWS.FOO.COM 
connected and sent 31 articles to your server. Your server accepted 29, refused 
1, and rejected 1. 


[96/07/15 15:58.03] innd:news.foo.com:29 closed seconds 12 
accepted 29 refused 1 rejected 1 


Outgoing Discussion Groups 
Outgoing discussion groups are articles sent by your server to other servers. 


The following message indicates that your server is sending articles to another 
server (called SECNEWS in this example). Your server offered one article, 
which was rejected: 


[96/06/19 04:25.06] nntpsend: [28260:28261] innxmit -a -t180 
secnews .netscape.com...[96/06/19 04:25.07] 
innxmit:secnews.netscape.com stats offered 1 accepted 0 
refused 0 rejected 1[96/06/19 04:25.07] 
innxmit : secnews.netscape.com times user 0.180 system 0.060 
elapsed 0.453 


If only one article is rejected, you need not worry. If, however, all your articles 
are refused or rejected, you should contact the administrator of the other 
server. If the administrator of the other server indicates that the server is not 
receiving your replicated discussion groups, check for the following status 
messages in your log file: 


4 [96/06/19 04:05.04] 
innd:E:secnews.netscape.com: secnews.netscape.com.work [96/ 
06/19 04:05.04] innd:secnews.netscape.com makebatch- 
>secnews .netscape.com.work[96/06/19 04:05.04] 
innd: secnews.netscape.com closed[96/06/19 04:05.04] 
innd: secnews.netscape.com opened 
secnews .netscape.com:23:file 
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These messages indicate that the innd process has created a batch file 
containing article information to send to the server SECNEWS. Check to see 
if nntpsend and innxmit are running. If they are not, make sure SECNEWS is 
configured as a replication host in the Configure Replication Host form (from 
the General Administration form, click Discussion Replication > Configure 
Replication Host). 


Server Load Information 


Innd Errors 


The server process (innd) occasionally asks the reader processes (nnrpd) for 
status. Each reader process provides information about the number of clients 
it is handling. Next, innd notes the active value for future load balancing 
efforts. The reader process messages are informational only and do not 
indicate an error or problem. 


Server errors generally indicate a problem with the server that must be 
investigated and corrected if necessary. 


The following message indicates an error occurred when innd was attempting 
to write information to a sending host. The error number, 10054, indicates that 
the connection was reset, which usually means that the sending host closed the 
connection early: 


2 [96/08/16 15:20.50] innd:257.0.180.15:7 can’t write 
[Errno:10054] 


If you see a lot of these messages and your incoming discussion groups from 
that site (257.0.180.15 in this case) seem to be lacking, contact the 
administrator of the other site and see why the connection is getting dropped. 


The next message indicates that innd can’t communicate with an nnrpd 
process that it expects is running: 


2 [96/08/16 17:00.38] innd:unable to query nnrpd(0): 232 
The nnrpd has hung. 
The following message indicates that your ACTIVE file is bad. 


2 [96/06/29 04:15.11] innd:ME bad_format active 
The next message indicates that innd couldn’t delete a file. Normally this is 
not a problem, but it can be a symptom of another problem. If you start to see 


a lot of these messages, check for other problems, such as problems with 
permission or ownership. 
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ACTIVE File Errors 


2 [96/07/07 21:10.34] innd:ME cant unlink 


The next message indicates that innd couldn’t link an article file. (Article files 
are linked when an article is cross-posted to save space.) The linking can fail 
for various reasons, including one of the link names existing as a regular file. 
If you get the following message too often, try renumbering your ACTIVE file 
in the Server Recovery form (from the News Server interface, click Advanced 
Tasks > Recovery.) 


2 [96/07/25 19:08.17] innd:ME cant link talk/politics/misc/ 
965 


The ACTIVE file contains information about all the discussion groups your 
server carries. The ACTIVE file might contain a formatting error, an invalid 
discussion group name, an illegal discussion group name, duplicate discussion 
group names, or incorrectly formatted lines. 


The following message indicates that the two required discussion groups, 
control and junk, do not exist. Without these groups, the server will not run: 


1 [96/06/24 09:29.43] innd:ME internal no control and/or junk 
group 


You can add the groups through the Discussion Group Manager (from the 
News Server interface, click Discussion Groups > Manage Discussion Groups 
> OK) or you can remake the ACTIVE file in the Server Recovery form (from 
the News Server interface, click Advanced Tasks > Recovery) if the groups 
exist but are not in the ACTIVE file. 


The next message indicates that discussion groups listed in your ACTIVE file 
have invalid names according to RFC1036, the Internet standards document 
that defines valid newsgroup names. 


2 [96/07/09 11:14.37] ctlinnd:parseactive invalid newsgroup 
name2 [96/06/21 20:23.29] ctlinnd:parseactive invalid 
newsgroup name "GPsemi.lincoln.test3": Illegal 


The discussion group name might be in uppercase, for example, or might 
contain numbers, such as FOO.COM.752. 


You can rename the group or remove the group. Although it is not 
recommended, you can override group name validity checking by changing 
the REQUIRE_VALID1036_NAMES parameter value in the 
NSNEWS.COMFfile from DO to DONT. If you change the value, be aware 
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that doing so might cause server problems. For example, your server’s 
replication with fail to hosts that have the parameter set to DO. 


The next message indicates a failure to write to the HISTORY file. The News 
Server stores information about all articles in a file called HISTORY. If the 
News Server cannot write to the HISTORY file, disk configuration problems 
and corruption of files can occur. The News Server will be unable to expire 
articles or to accept new articles: 


2 [96/07/25 19:08.18] innd:ME cant write history 
[Errno:10009] 


Check for permission problems and lack of disk space. After fixing the 
problem, you will need to restart your server. You might also want to rebuild 
your HISTORY files, but this can take several hours, depending on the size of 
the HISTORY file and the number of articles on the server. 


The next message indicates a failure to flush the log files. The server flushes 
the log files when running news.daily, for example, or when rotating log files. 
The server names the backup log file NAME.OLD. 


inte2 [96/06/24 09:29.43] innd:ME cant fflush log [Errno:9] 


The error code indicates that there is a bad descriptor. Try stopping the server 
and restarting it. 
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Understanding the Discussion Replication Log 


The discussion replication log provides information about incoming 
discussion groups, including information about which articles your server 
accepts, which articles your server rejects, and why articles are rejected. 


The discussion replication log is archived each time the server's daily 
maintenance routines are run. For more information about the processes that 
are logged in the discussion replication log, refer to “Processes that Log 
Messages” on page 29. 


Red messages indicate an error condition. 
Viewing the Discussion Replication Log 


To determine number of log cycles and level of detail in the discussion 
replication log, refer to “Specifying Logging Preferences” on page 42. 
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1 From the General Administration page, click the News Server server 
name button > Reports > View Discussion Replication Log. 


2 Select the log you want to view. 
3 Type the number of entries you want to view. 


4 In the View Only Entries Containing field, type a search string if you 
want to find specific entries. 


For example, if you only want to view information about incoming 
discussion groups from a specific server, type your server name. 


5 Click View Log. 
Interpreting the Discussion Replication Log 


The following are examples of what you might see in the log: 


On September 24, at the given time, your server was offered and accepted an 
article from the server NEWS.ROYAL.COM. The plus sign (+) indicates that 
your server accepted the article. 


Sep 24 15:24.10.569 + news.royal.com 
<sad23ldadas@news.moof.com> news.somecom.com 


On December 4, at the given time, your server was offered and rejected an 
article from the server NEWS.ROYAL.COM. The minus sign (-) indicates 
that your server rejected the article because NEWS.DEV.BATMAN is not 
listed in the server’s ACTIVE file. 


Dec 4 11:27:45:586 - news.royal.com 
<32A5CBF6.72E3@novell.com> 437 Unwanted newsgroup 
"news .dev.batman" 


Using Server Statistics 


Understanding Server Statistics 


You can view statistics from the View Server Statistics form (from the News 
Server interface, click Reports > View Server Statistics) about replication, all 
articles posted to the server, user connections, user posts, and user reads. 


Replication Statistics 


You can view the following information about incoming and outgoing 
discussion groups: 
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+ 


+ 


+ 


Hostnames 


The number of articles offered, accepted, refused, and rejected by your 
server 


An article is refused usually because it is a duplicate of another article on 
your server. An article is rejected because there is something wrong with 
the article and therefore it cannot be posted. 


The average number of articles per second sent from or received by your 
server 


All Articles Posted to the Server 


All Articles Posted to the Server refers to articles posted to your server by 
users and by discussion group replication. Article size is measured in bytes. 


You can view the following information about articles and discussion groups 
on your server: 


+ 


+ 


The total number and size of articles received by your server. 


The number of posts to your server that were not received by your server. 
(Your server did not include the post in the article spool.) 


A list of the highest-posting discussion groups and hosts on your server. 


The total number of articles posted to your server that failed and the 
reason for the failure (for example, duplicate) 


A list of the top hosts sending articles to discussion groups not supported 
by your server, determined by the total number of articles sent to the 
unsupported discussion group by each host 


A list of the top hosts posting unapproved articles to moderated 
discussion groups on your server, determined by the total number of 
unapproved articles sent by each host 


A list of the top unsupported discussion groups being fed to your server, 
determined by the number of articles in each discussion group 


A list of the top moderated discussion groups on your server receiving 
unapproved articles, determined by the number of unapproved articles 
received by each discussion group 


Understanding Posts and Cross-Posts 


If an article is posted simultaneously to multiple discussion groups, only one 
copy of the article is stored in the spool. 
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Best ever 
No Way 
Try it 

















User Connections 


Origin Discussion Group 


S Good Meal Best ever Mom 11/22 
Ene Di ning : No Way Granny 11/22 
Four Star Cookie Try it Mom 11/22 

Feasts for Two Romeo 11/18 Oat flour Martha 11/22 


For example, an article is posted to ROYAL.PETS.SNAKES, 
ROYAL.PETS.LIZARDS, and ROYAL.PETS.TURTLES. One copy of the 
article is stored in the spool for ROYAL.PETS.SNAKES. The copies for the 
other discussion groups are links to the article stored in 
ROYAL.PETS.SNAKES. The post is the article stored in 
ROYAL.PETS.SNAKES and the cross-posts are the copies in 
ROYAL.PETS.LIZARDS and ROYAL.PETS.TURTLES. 


The following illustration shows one post in the origin server and two cross- 
posts in the target servers. 


Target Discussion Group 


Author Date 


Rolling in Dough Rich 11/22 

How do | Enter? Bev 11/23 
Crust Baker 11/22 
Recipe B.C. 11/22 
















Author 





Date 


Lost Pounds Skinny 12/05 


Exercise TJ 12/05 
Diet Slim 12/05 


Recipe B.C. 12/05 


Best ever Mom 12/05 
No Way Granny 12/05 
Try it Mom 12/05 


Target Discussion Group 


Cross-posts are not considered when determining statistics about the size of 
articles received by your server. 


A user connection is a connection by a user, not by a server. Connection time 
is measured in seconds. 
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You can view information about each user connection and the reason for each 
disconnection. 


User Posts 


A user post is a post to your server from a user, not a replication from another 
server. 


You can view the following information about user posts: 
¢ Article statistics 
+ The number of posts to your server that failed 


+ A list of the highest-posting discussion groups, hosts, and users on your 
server 


User Reads 
A read is when a user reads an article on your server. 
You can view the following information about user reads: 
+ Read statistics 


+ A list of the top discussion groups, hosts, and users on your server, 
determined by the number of articles read in each entity 


Viewing Server Statistics 


1 From the General Administration page, click the News Server server 
name button > Reports > View Server Statistics. 


2 Click one of the following options: 
+ Get Statistics For drop-down list > select the time period 


+ Get Statistics From > type the appropriate information in the 
associated fields 


+ Get All Available Statistics 
3 Click one of the following options: 
+ Get Statistics Summary 


+ Get Statistics for Users Matching > type the users in the associated 
field 


+ Get Statistics for Hosts Matching > type the hosts in the associated 
field 
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+ Get Statistics for Discussion Groups Matching > type the discussion 
groups in the associated field 


You can use wildcard characters in your search string. 
4 Select the number of entries you want to view. 


5 Click OK. 


Interpreting Server Statistics 


The following statistic tools are used to gather server information. 


Discussion Replication 


You can use the discussion replication statistics to determine if your 
discussion group replications are operating correctly. You can determine if 
you are 


+ Receiving articles from the expected hosts 
¢ Sending articles to the expected hosts 


+ Not offering articles to an expected host, indicating you are not sending 
to the host at all 


+ Offering articles to another host, but too many of your articles are being 
rejected by the host, indicating a problem with the replication setup to the 
host 


All Articles Posted to the Server 
You can use the All Articles Posted to the Server statistics to determine 
+ If you meet necessary disk storage requirements 


+ Which discussion groups you no longer want to support because they are 
consuming too much disk space and are not critical to your business 


+ Problems with the moderation policy on your server or on servers that are 
sending to your server 


+ Broken software at other sites sending malformed articles 


User Connections 
You can use the user connection statistics to determine 


+ Appropriate reader limits 
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User Posts 


User Reads 


+ Server load and size 
+ Total usage 
You can use the user disconnection statistics to determine 
+ Network troubles 
+ Client software problems 


¢ Appropriate reader limits 


You can use the user posts statistics to determine 
+ Overall server usage 
¢ Specific post problems to your server 


+ Traffic in local discussion groups that might not otherwise show in the All 
Articles Posted to Your Server section due to relatively low volume. 


You can use the user reads statistics to determine local discussion group 
usage. 


Using Disk Usage 


Understanding Disk Usage 


You can view the following information about disk usage: 
+ The percentage of disk space used 
¢ The total amount of disk space used 
+ The number of articles stored on the disk 


+ The number of subdirectories 


The statistics are shown for each directory in the spool. You will always see 
statistics for the following directories: 


+ in.coming (incoming articles) 
+ out.going (outgoing articles) 


+ over.view (indexes) 
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+ news.archive (archived articles, if you have any) 


Viewing the Disk Usage Summary 


1 From the General Administration page, click the News Server server 
name button > Reports > Disk Usage. 


2 Type the directory name. 
3 Click Run Summary. 


Interpreting Disk Usage 


You can use the disk usage information to determine 
¢ If you are running out of disk space 
+ If you need to run expire more frequently because the archive is too big 
+ Where the bulk of your disk space is being used 


+ How large each hierarchy is 


Using Logging Preferences 


Understanding Logging Preferences 


You can specify the number of log cycles and the level of detail that you want 
in the log files. 


Specifying Logging Preferences 


1 From the General Administration page, click the News Server server 
name button > Reports > Logging Preferences. 


2 Type the number of log cycles. 


This is the number of archived copies of the daily reports and logs that 
you can view from the View Daily Report and View Server Log forms. 


3 Click the Log Level drop-down list > select the level of detail that you 
want in your logs: Notice, Fatal, Error, or Debug. 


Each log level provides more information, with Debug providing the 
most information. 


4 Click OK. 
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Using E-Mail Notices 


Receiving E-Mail Notices 


You can specify whether you want to receive the news.daily report and 
emergency warnings, such as "News.daily cannot send a report because it 
cannot write to a temporary file." 


You can view the news.daily report in the View Daily Report form (News 
Server interface > Reports > View Daily Report), so you might not want to 
receive the report by e-mail. It is a good idea, however, to receive emergency 
warnings by e-mail so you can take corrective action immediately. 


You can also receive control articles by e-mail if you specify to in the Control 
Article Handling form (from the News Server interface, click Discussion 
Replication > Control Article Handling). 


Specifying an E-Mail Address for Notices 


1 From the General Administration page, click the News Server server 
name button > Reports > Mail Notices. 


2 Type the e-mail address of the administrator. 
Type the mail hostname. 


4 Check the Send News.daily Report to Admin Via E-Mail check box if you 
want to receive the news.daily report. 


5 Check the Send Emergency Warnings to Admin Via E-Mail check box if 
you want to receive emergency warnings. 


6 Click OK. 
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Controlling Access to Your Server 


After you decide what type of access control your server requires (refer to 
Chapter 2, “Planning your News Server,” on page 13) perform the tasks that 
correspond to the appropriate level of access control. The following list 
outlines the tasks necessary to set up access control for your server and 
discussion groups. Only perform those tasks that correspond to the determined 
level of access control. 


1. Enable access control. 


For more information on access control, refer to “Understanding How 
Access Control Works” on page 59. 


2. Define the users and groups who will access your server. 


If you are using Novell® Directory Services® (NDS)™, you can use the 
users and groups you have already defined. 


3. Define and manage the roles that determine the type of access a user has 
to a particular discussion group or discussion group hierarchy. 


4. Specify access control rules (for LDAP and local directory users only). 


5. Delegate discussion group management tasks if appropriate (for LDAP 
and local directory users only). 


With NDS, only the News Server administrator can manage discussion 
groups. 


Controlling Access with NDS 


If you are using Novell Directory Services (NDS), you set up access control 
through NetWare™ Administrator. Use the NDS objects you have already 
created and then grant rights to the discussion group directories. 
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Be certain that your users or group are in the context specified in the Configure 
Directory Service form of the NetWare Web Manager (Global Settings > 
Configure Directory Service). If your users or group are in a subcontext of the 
context listed on this form, they must specify this additional context when 
authenticating to the discussion group. 


For example, if the context listed in the Configure Directory Service form is 
DOC, a user who is in the Writers Organizational Unit under DOC must 
authenticate to the discussion group by typing username.writers. 


Setting Up Access Control Using NDS 


1 From the General Administration page, click the News Server server 
name button >Access Control > Access Control Options. 


2 Select Access Control On. 


Select any other options you want. For more information about this form, 
click Help. 


3 From the General Administration page, click Users & Groups. 


Select the User or Group that you want to have access to the discussion 
group. 


If you select a Group, all members of the Group will have the same access 
rights to the discussion group. 


5 Copy (CTRL + C) the context of the user or group that appears after 
Current NDS Object. 


6 Click Users & Groups > server name volume. 
7 Click to the directory that you want the user or group to have rights to. 


The spool directory location is listed in the Technical Settings form (from 
the News Server interface, click Server Preferences > Technical 
Settings). The default is \NOVONYX\SUITESPOT\NEWS-server 
name\SPOOL. 


8 Click Access Control List > in the Add Trustee field, paste the user or 
group context. 


9 Check the rights that you want the User or Group to have. 


To specify the reader role for a User or Group, check File Scan and Read. 
To specify the poster role for a User or Group, check File Scan, Read, 
Create, and Write. 


10 Click Add Trustee > OK. 
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Controlling Access with LDAP or a Local Directory 


If you are using LDAP or a local directory, you can use the News Server 
interface to enable access control and create Users and Groups. 


Setting Up LDAP 


To set up LDAP: 


1 


2 


10 


From the General Administration page, click Global Settings > Configure 
Directory Service > LDAP Directory Server > OK. 


In the three fields, type the BASE DN, BIND DN, and BIND password. 
There is only one base dn in LDAP, so choose it carefully. 


Restart the NetWare Web Manager by typing nvxadmdn and then 
nvxadmup at the server console. 


Restart the News Server by typing nvxnewdn and nvxnewup at the 
server console. 


From the General Administration page, click the News Server server 
name button > Preferences > Directory Server Options. 


Type the fully distinguished username and password. 


For example, if your user name is admin, the fully distinguished 
username is cn=admin, o=mycompany. Be sure to use the LDAP- 
standard comma. 


Run the EXTNSCAL.NLM from the server that has both NDS and LDAP 
running. 


The EXTNSCAL.NLM creates class definitions in NDS so that it works 
properly with LDAP. 


In NetWare Administrator, double-click on your LDAP group. 


If nothing happens after you double-click, you might have a version of 
NetWare Administrator that doesn’t understand LDAP groups. If this is 
the case, you will need to get a version of NetWare Adminstrator that 
does. 


Verify that the Allow Clear Text Passwords box is checked > click OK. 
If you have a big tree, this process may take a while. 
Under your BASE DN, create an OU called Netscape Servers. 


The News Server role information will be kept here. 
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Create an ASCII file in LDIF format. 

The file should have the following information: 

dn: ngcomponent=.,ou=Netscape Servers,basedn 
objectclass: top 

objectclass: nginfo 

ngcomponent: 

nsaclrole: reader:rv 

nsaclrole: poster:prvc? 

nsaclrole: manager:amnprvcC? 

nsnewsacl: 1:*:a:D:poster::::d: 


Using LDAPADD at the command line, create an ASCII file with the 
following information: 


Ldapadd -a -h <NDS master server ip address> -D <fully distinguished 
username> -w <password> -v -f <filename> 


Enabling and Disabling Access Control 


When the server is installed, access control is off by default. Thus, anyone can 
access your server with no restrictions. This is usually only done in an intranet 
environment in which users are known and trusted. You might want to enable 
access control in order to give users access restrictions. If you enable access 
control, you also enable authentication. 


Enabling Access Control 
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1 
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From the General Administration page, click the News Server server 
name button > Access Control > Access Control Options. 


Click Access Control On. 


If you want to require authentication when a user first connects, check the 
box. 


Under Default Authentication Method, check one of the following 
authentication methods: 


+ Use Basic Username/Password 


If you are not running an SSL-enabled server, the only authentication 
method available is Basic Username/Password. 
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+ Use Client Certificate 


5 If you want to control access by restricting host connections, check the 
box. In the Accept Connections from These Clients field, type the hosts 
you will accept connections for. 


+ You can specify hostnames or IP addresses. 
¢ Specify all clients by specifying an asterisk (*). 


+ Use an asterisk (*) to specify domains, such as *.XYZ.COM or 
123.456.789.*. 


+ Use the exclamation point (!) to deny access. For example, you can 
specify no clients by typing !*. Deny access to hostl by typing 
!hostl. 


Limiting host connections is especially useful for granting access to users 
who are external to your organization’s internal network. You can grant 
access to specific host machines without having to create special groups 
for the external organization. 


6 If you do not want to resolve IP addresses into hostnames for access 
control, check the box. 


If you check the box, you will improve authentication performance. 
However, you will only see IP addresses in your server reports, and you 
cannot refer to hostnames when filling out forms (such as in Step 5), 
specifying search criteria, and so on. 


7 Click OK. 


Disabling Access Control 


1 From the General Administration page, click the News Server server 
name button > Access Control > Access Control Options. 


2 Click Access Control Off. 
3 Click OK. 
After access control is disabled: 
+ All users can access all discussion groups 
+ Any access control rules remain defined, but are no longer enforced 


¢ The server does not check the authenticity of Cancel messages 
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Defining and Managing Roles 


A role is a set of permissions that a user, group, or host has to a particular 
discussion group or discussion group hierarchy. Three roles are predefined: 


+ Manager: Has all permissions (Admin, Cancel, Cancel Any, Moderate, 
Newsgroup, Post, Read, and View) to a particular discussion group or 
discussion group hierarchy 


+ Poster: Can view, read, and post messages. 
Posters can cancel their own posted messages. 


+ Reader: Can view and read messages 


You can also create new roles and associate permissions with the new roles. 
The easiest way to grant roles to users is by creating groups and assigning 
roles to the groups. 


Be careful when creating roles because you cannot delete them. If you create 
a role you do not need, do not assign any user or group to that role. 


To create, modify, or view roles: 


1 From the General Administration page, click the News Server server 
name button > Access Control > Manage Roles. 


2 Locate the scroll-down menu of the role you want to update. 


3 In the associated scroll-down menu, Ctrl+click the permissions you want 
to add to the role 


or 


To delete permissions from the role, Ctrl+click the highlighted 
permissions. 


4 In the Role Name field, type the name of the role you want to create. 


5 Inthe Role Name scroll-down menu, select the permissions you want the 
role to have. 


6 Click OK. 
Specifying Access Control Rules 


You specify access to a particular discussion group by creating an access 
control rule. The access control rule maps the user or group to a particular 
discussion group and specifies which role the user has in the discussion group. 
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You specify access control rules in the Discussion Group Manager. 


Delegating Discussion Group Management 


You can use roles to delegate discussion group management tasks to other 
managers or end users. The managers or users can perform the following tasks 
on the discussion group hierarchy they manage: 


+ View all discussion groups 

+ Create new discussion groups 

+ Remove discussion groups 

+ Access and change basic information about any discussion group 

+ Add new access to any discussion group 

+ Modify the access to any discussion group 

+ Specify managers and moderators for lower-level discussion groups 


+ Cancel messages posted by other people 


The managers or end users must be assigned a manager role to access the 
discussion group management functions available through a browser. 


By delegating discussion group management tasks, you can focus more on 
system administrative tasks, such as 


+ Configuration and maintenance 
¢ System security 
+ Replication of discussion groups 


¢ Load balancing and system tuning 


If you decide to delegate discussion group management, educate your 
delegates about the effect of roles on access control to your server. 
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Managing Discussion Groups 


This section describes how to create, control access to, and manage discussion 
groups. Before you create discussion groups, refer to “Plan Discussion 
Groups” on page 14. 


You can delegate these discussion group management tasks to users by 
granting them a manager role. For more information about delegating 
discussion group management, refer to “Delegating Discussion Group 
Management” on page 51. 


You manage discussion groups through the Discussion Group Manager. The 
following illustration shows the Discussion Group Manager. 
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Creating a Discussion Group 


To create a discussion group, the server must be running. 


1 From the General Administration page, click the News Server server 
name button > Discussion Groups > Manage Discussion Groups > OK. 


2 Select the parent discussion group 

or 

Select the root-level discussion group to add a top-level discussion group. 
3 Click New. 


4 Inthe Name field, type the name of the discussion group that the user will 
see. 
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The name cannot include spaces, most special characters, numbers, and 
uppercase letters, unless you specifically configure the server to allow for 
them. For more information about naming, refer to “Naming Your 
Discussion Groups” on page 57. 


5 In the optional Description field, type the discussion group topic. 


The name can include spaces, lowercase and uppercase letters, and 
special characters. 


6 Click one of the following options: 


+ 


Categorized Discussion Group 


A categorized discussion group provides a three-paned interface in 
which the user can view the entire discussion group hierarchy, all of 
the articles within a particular discussion group, and the text of a 
particular article. The categorized attribute only affects the 
presentation of the discussion group within the client newsreader. 


In a categorized discussion group, any lower-level discussion group 
is a category. A categorized discussion group cannot contain another 
categorized discussion group. 


If the parent discussion group is already categorized, you do not see 
a choice for the type of discussion group. Instead, the type of 
discussion group becomes a category discussion group. 


Standard Discussion Group 


A standard discussion group provides a two-paned interface in which 
the user can view all of the articles within a particular discussion 
group and the text of a particular article. 


7 Under Advanced Options, select the option you want: 





Option Purpose 





Create Group on Local Server Specifies to create the discussion 


Only group only on the local News 
Server. 

Create Group on All Internal Specifies to create the discussion 

Connected Servers group on all connected servers. 


The request to create the 
discussion group is also sent to 
the replication sites. 





Managing Discussion Groups 55 


Option 





Purpose 





Allow Local and Remote Postings 


Allow Only Remote Postings 
(Feed Only) 


Moderate Discussion Group and 
Send Postings Via E-Mail To field 


Gateway to E-Mail Address field 


Do Not Keep Articles for This 
Discussion Group, but Pass 
Them to Feed Sites 


This Discussion Group is a 
Referral For field 


8 Click Submit. 
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Specifies to allow local and 
remote postings. 


Local postings are articles posted 
directly to your discussion groups 
by users. Remote postings are 
articles sent to your discussion 
groups by replication. 


Specifies that only articles sent to 
your discussion groups by 
replication can be posted to the 
discussion group. 


Specifies that this discussion 
group will be moderated and 
includes an e-mail address for the 
moderator’s e-mail address. 


Specifies that the discussion 
group will be a gateway. Type the 
e-mail address for the gateway. 


Specifies that articles are stored 
in the spool only until they are 
sent to other replication sites. 


Users cannot read the articles 
from your server. 


Specifies discussion groups that 
are no longer in use or useful. 


For example, suppose you want 
to obsolete DISCUSSIONA and 
point users to DISCUSSIONB. In 
the Referral field for 
DISCUSSIONA, you type 
DISCUSSIONB. When users 
post to DISCUSSIONA, they will 
get a message to post to 
DISCUSSIONB. 


The server administrator receives a notification control message for each 
discussion group that is created. 


Naming Your Discussion Groups 


The News Server enforces the latest proposed newsgroup naming standards. 
A few Usenet newsgroups do not comply with these standards. Your server 
will reject these newsgroups. 


Although it is not recommended, the server administrator can override 
discussion group name validity checking. 


To change the naming standards: 
1 Open the NSNEWS.COMF file. 


The file is located in the NOVONYX\SUITESPOT\NEWS- 
SERVERNAME\COMFIG directory. 


2 Change the REQUIRE_VALID1036_NAMES parameter from DO to 
DONT. 


IMPORTANT: If you do change the value, some server problems might occur. For 
example, your server's replication will fail to hosts that have the parameter set to 
DO. 


When creating your own local discussion groups on a news server that also 
contains Usenet newsgroups, you shouldn’t use any Usenet group names. You 
should keep the convention of general to specific. For example, if your 
company is called Royal, you might create a discussion group named 
ROYAL.HR.BENEFITS. The company name is first, followed by a 
department name, followed by a topic name. 


Modifying Discussion Group Properties 
You can modify any of the discussion group properties you originally created 
the discussion group with. 


1 From the General Administration page, click the News Server server 
name button > Discussion Groups > Manage Discussion Groups > OK. 


2 Select the discussion group you want to modify. 
3 Click General Properties. 


4 To modify the name the user sees, in the Display Name field, type the new 
discussion group name. 
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5 To modify the description, in the optional Description field, type the 
particular topic that the discussion group is about. 


6 To modify the type of discussion group, click Categorized Discussion 
Group or Standard Discussion Group. 


If the parent discussion group is already categorized, you will not see a 
choice for the type of discussion group. 


7 Under Advanced Options, select the option you want to modify. 





Option Purpose 





Allow Local and Remote Postings Specifies to allow local and 
remote postings. 


Local postings are articles posted 
directly to your discussion groups 
by users. Remote postings are 
articles sent to your discussion 
groups by replication. 


Allow Only Remote Postings Specifies that only articles sent to 

(Feed Only) your discussion groups by 
replication can be posted to the 
discussion group. 


Moderate Discussion Group and Specifies that this discussion 

Send Postings Via E-Mail To field group will be moderated and 
includes an e-mail address for the 
moderator’s e-mail address. 


Gateway to E-Mail Address field Specifies that the discussion 
group will be a gateway. Type the 
e-mail address for the gateway. 


Do Not Keep Articles for This Specifies that articles are stored 
Discussion Group, but Pass in the spool only until they are 
Them to Feed Sites sent to other replication sites. 


Users cannot read the articles 
from your server. 
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Option Purpose 





This Discussion Group is a Specifies discussion groups that 
Referral For field are no longer in use or useful. 


For example, suppose you want 
to obsolete DISCUSSIONA and 
point users to DISCUSSIONB. In 
the Referral field for 
DISCUSSIONA, you type 
DISCUSSIONB. When users 
post to DISCUSSIONA, they will 
get a message to post to 
DISCUSSIONB. 


8 Click Submit. 


Access to a Discussion Group 


The process of controlling access to your discussion groups depends on your 
directory service. If you are using Novell Directory Services® (NDS®), refer 
to “Setting Up Access Control Using NDS” on page 46. If you are using 
LDAP or a local directory service, this section explains how to set up access 
control. 


You configure access control for a discussion group by creating access control 
rules. An access control rule defines the rights a user, group, or host has to a 
particular discussion group. Each access rule determines 


+ The name of the user, group, or host for whom the rule applies 
+ The method of authentication 
+ The role granted to the user, group, or host, or denial of all access 


+ Whether the rule is continued or absolute (not continued) 


By default, two access control rules are created. The first rule grants the role 
of poster to anyone. The second rule grants the role of manager to the user ID 
that connects to the directory service. 


Understanding How Access Control Works 


To determine access control for a user, the News Server first checks the 
hostname in the first rule. If the hostname does not match, the server stops 
checking and the user is denied access. 
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If the hostname matches, the server then verifies that the user information 
matches the other information specified in the rule. The server recognizes the 
host either by its hostname or IP address, depending on what you specify in 
the Access Control Options form (from the News Server, click Access Control 
> Access Control Options). 


If the user information matches, the server goes on to the second rule if the 
first rule is continued. When a rule is continued, the server continues to search 
for subsequent access control rules that correspond to the user. When a rule is 
absolute (not continued), the server grants the user the rights specified in the 
absolute rule. 


A lower-level discussion group in a discussion group hierarchy inherits the 
access control rules for the main discussion group. So the server begins 
checking the user’s access at the top level of the discussion group hierarchy. 
The server continues moving down the hierarchy until it detects an absolute 
rule. Every rule beneath the absolute rule inherits the access control of the 
absolute rule. The server keeps checking for the user’s rights until it reaches 
the end of the list of rules. 


You can specify new rules that override these inherited rules, even if a rule is 
absolute. You cannot modify the inherited rules, however, unless you have 
manager access to the higher-level discussion group. 


IMPORTANT: If you are denying access to lower-level discussion groups, grant 
yourself manager access before or you will deny yourself access to the discussion 
groups. If you deny yourself access, you'll need to contact your server administrator to 
fix the problem. 


Understanding Access Control for a Virtual Discussion Group 


Be aware of the following issues about access control for a virtual discussion 
group: 


+ When a user creates a search profile for a virtual discussion group, the 
results of the search depend on the access rights of the creator. If the 
creator does not have access to a discussion group, articles from that 
group are not returned in the virtual discussion group. 


+ By default, only the creator can read the virtual discussion group. The 
server automatically adds an access control rule for the creator of the 
virtual discussion group. 


+ We recommend that you do not change the default access control for a 
virtual discussion group because the virtual discussion group is created 
based on the creator's access rights. 
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If another user has access to the virtual discussion group but not to one of the 
source discussion groups, the user cannot view the text of the article, but can 
view the headers, including the subject line, of the article. 


For more information on virtual discussion groups, refer to “Specifying 
Search Options” on page 17. 


Creating Access Control Rules 


To create an access control rule, be sure that you have first enabled access 
control. For information on enabling access control, refer to “Enabling Access 
Control” on page 48. 


1 From the General Administration page, click the News Server server 
name button > Discussion Groups > Manage Discussion Groups > OK. 


2 Select the parent or root-level discussion group. 
3 Click Access Control Rules > New Rule. 


4 In the Users, Groups, or Hosts fields, type the user or group ID or 
hostname to which this rule applies. 


You must specify information in at least one of these fields. You can 
specify information in all of the fields. 


In the Users or Groups fields, separate multiple users or groups with 
commas. To specify access for all users in the directory, type all. 


In the Hosts field, you can specify a hostname or IP address, if IP address 
resolution is enabled. To specify all hosts, type an asterisk (*). If you do 
not type a hostname, an asterisk is entered. 


5 (Optional) Click Edit to create, modify, or delete multiple users or groups 
through the ACL User Group Finder. 


IMPORTANT: |f you click Anyone (No Authentication) on the Finder form, the user 
still might be denied access based on other settings, such as hostname or IP 
address. 


6 Click the Auth By drop-down list > select the type of authentication that 
will verify the user for the discussion group. 


¢ Default: Authentication determined in the Access Control Options 
form (from the News Server interface, click Access Control > Access 
Control Options). 


+ Certs: Authentication determined by a valid user certificate. If users 
have a valid user certificate, they do not need to log in to the 
discussion group. This method requires a secure server. 
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If you select user certificate authentication in any access control rule 
for a discussion group, all users will be asked to authenticate by 
certificate—tregardless of the authentication method specified in 
later rules for a particular user. A user will be asked for a certificate, 
but if a user does not have to authenticate by user certificate, he or 
she will still be able to authenticate by username and password. 


7 Click the Then Allow Role of drop-down list > select the role you are 
allowing the user or group. 


For more information on roles, refer to “Defining and Managing Roles” 
on page 50 


or 
Select Deny to deny the user or group all access to the discussion group. 


You can choose Deny as a quick and safe way to set up access control 
tules. After denying all access, you can then choose to grant a particular 
role to a user. 


8 Check the Continue check box if you want the server to continue 
checking for access control rules that match the user, discussion group, 
and current action. 


If the rule is continued, the Set from field displays the higher-level 
discussion group from which the rule is inherited. Inherited rules are 
viewable, but not selectable. 


or 
If you want the rule to be absolute, uncheck the Continue check box. 
9 Click the Up- or Down-arrow to change the order of rules. 


10 Click Submit All Changes. 


Creating a Guest Rule 
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You can create a guest rule that allows any host or user (whether defined in 
the directory or not) to access a discussion group without authentication. You 
can also specify a guest rule for a particular host. 


1 From the General Administration page, click the News Server server 
name button > Discussion Groups > Manage Discussion Groups > OK. 


2 Select the discussion group you want to create a guest rule for. 


3 Click Access Control Rules > New Rule. 
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4 In the Users field, type Anyone. 

5 In the Groups field, type Anyone. 

6 In the Host field, type an asterisk (*) for all hosts 
or 
Type the hostname or IP address of the guest. 

7 Click the Auth By drop-down list > select Default. 


The default authentication method is specified in the Access Control form 
(from the News Server interface, click Access Control > Access Control 
Options). If the default is authentication by certificate, the guest must 
have a valid certificate. 


8 Click the Then Allow Role of drop-down list > select the role you are 
allowing the guest. 


9 Check the Continue checkbox. 
10 Click Submit All Changes. 


Deleting an Access Control Rule 


1 From the General Administration page, click the News Server server 
name button > Discussion Groups > Manage Discussion Groups > OK. 


2 Select the parent or root-level discussion group. 
3 Click Access Control Rules. 


4 In the rule you want to delete, click the trash can icon. 


Moderating a Discussion Group 


You can assign managers and users to moderate discussion groups. 
Moderators can control the amount of traffic and the message count a 
discussion group receives by approving messages or filtering out unwanted 
material. 


A discussion group moderator 
+ Reviews submitted messages 
+ Specifies which messages can be posted 
+ Sends e-mail to the authors of the denied messages 


+ Forwards accepted messages to the discussion group 
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+ Combines messages and articles to create a digest that gets posted 
periodically 


When an article is posted to a moderated discussion group, the server looks for 
the header Approved: moderatoraddress. If the address in the header matches 
the moderator’s address for the discussion group, the message is added to the 
spool. If the address does not match the moderator’s address, the message is 

sent by e-mail to the moderator. 


Setting Up Moderating 


If you decide that you want a discussion group moderated, you need to 
+ Modify the discussion group properties 


+ Provide the moderator with the necessary information 


Modifying the Discussion Group Properties 


1 From the General Administration page, click the News Server server 
name button > Discussion Groups > Manage Discussion Groups > OK. 


Select the discussion group that you want moderated. 

Click General Properties. 

Under Advanced Options, select the Moderate Discussion Group. 

In the Send Postings Via E-Mail To field, type the moderator’s address. 
Click Submit. 
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Providing the Moderator with the Necessary Information 
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You need to provide the moderator with the following: 


+ A copy of the NSNEWS.CONF file, in 
NOVONYX]SUITESPOT\NEWS-SERVERNAME\CONFIG 


+ A copy of the INEWS program, in 
NOVONXY\SUITESPOT\BIN\NEWS\BIN 


The INEWS program is the News Server moderating program. INEWS 
is a client utility.) The INEWS program shipped with the News Server 
must run on Windows* NT*, and the News Server must run on 
NetWare®. 


+ The Moderators Handbook (http://www.landfield.com/moderators/ 
handbook/handbook.draft) 
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This describes moderator formats used to post articles and common 
practices of moderators 


You should also provide the following steps to the moderator: 


1 From the client NT console, set the NS_NEWSCONF environment 
variable in the NSNEWS.CONF file to the full pathname of the 
NSNEWS.CONF file. 


2 When you receive a message for approval, save the message to any file, 
and edit the message to receive the moderator header information. 


3 To approve the article, run the inews command on the article from the NT 
console, then forward the article to the discussion group. 


For example, in the command 


inews -h -a moderuser@news.royal.com 
filename article 


the -h option indicates that the file contains headers, and the -a option 
indicates that the file is approved. 


4 To reject the article, do not forward the message to the discussion group. 


5 If you reject the article, send an e-mail to the author, and explain why the 
message was rejected. 


Moderating and Access Control 


If access control is enabled, the following rules also apply to moderating a 
discussion group: 


+ You must grant the moderator role to the moderator. 
+ You must specify that the moderator use basic authentication. 


If you are requiring authentication at first connect and client 
authentication is the default, the moderator cannot use the INEWS 
program. 


+ The moderator must specify a username and password when running the 
INEWS program. 


For example: 


inews -h -a moderuser@news.royal.com -u mewing -w passwd 
filename_article 
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Importing Discussion Groups 


You can host on your server discussion groups from other servers by 
importing the names of the discussion groups from an ACTIVE file, a list of 
discussion groups that are supported by a server. Importing is a quick way to 
support the same discussion groups that are available on other servers. 


To host the same discussion groups on your server that are being sent by 
another server, you should obtain that server’s ACTIVE file and import the 
desired discussion groups into your server’s ACTIVE file. Importing can take 
several minutes, depending on the size of the ACTIVE file being imported. 


IMPORTANT: Because the server is sensitive to the exact format of the ACTIVE file, 
you should never manually edit it. All modifications should be done through the Import 
Discussion Groups form, which automatically pauses the server. 


To import a discussion group: 


1 From the General Administration page, click the News Server server 
name button > Discussion Groups > Import Discussion Groups. 


2 Click one of the following options: 
+ ACTIVE File to Import Discussion Groups From 
In the associated field, type the path to and name of the ACTIVE file. 
+ Remote Host to Import Discussion Groups From 


In the associated field, type the server name or IP address of the 
remote host. 


3 Type the name of the discussion groups to import. 
4 Type the name of the person who created the discussion group. 


5 Click OK. 


Indexing Discussion Groups 


You can create an index to allow your users to search across all discussion 
groups hosted by your server. By default, indexing is turned off. Indexing is 
automatically turned on when you create an indexer. 


An indexer identifies the discussion groups to index for full-text searching 
purposes. You create indexers in the Full Text Indexing form. After articles 
are indexed, they are available for searching and profiling. 
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In general, you need only one indexer. It is possible, however, to create 
multiple indexers with different configurations. For example, you might want 
to configure multiple indexers if you think you need different batch sizes for 
each indexer. If you expect an indexer to receive more than 1000 articles every 
15 minutes, you might want to change the batch file size for performance 
reasons. The batch size is determined by a parameter in the 
INDEXSEND.CTE file, in NOVONX Y\SUITESPOT\NEWS- 
SERVERNAME\COMNFIG. 


The batch file for each indexer is created by the innd process. The batch file 
contains the list of articles to be indexed. By default, the batch file is processed 
every 15 minutes. To determine how often the batch files are processed, refer 
to “Specifying Technical Settings” on page 20. 

Creating an Indexer 


1 From the General Administration page, click the News Server server 
name button > Discussion Groups > Full Text Indexing. 


In the Index Identifier field, type the name of the indexer. 
Click the Index Which Discussion Groups drop-down list. 


Select which discussion groups you want to index. 


a KR OO N 


If you select Specified Discussion Groups or All But Specified 
Discussion Groups, in the Discussion Groups field, type the names of the 
discussion groups. 


6 Click OK. 


After you create an indexer, it appears in the list of indexers at the bottom of 
the Full Text Indexing form. All indexer names are preceded by the word 
indexer. 


After you create an indexer, the Edit and Remove buttons appear at the bottom 
of the form. 


Editing an Indexer 


1 From the General Administration page, click the News Server server 
name button > Discussion Groups > Full Text Indexing. 


2 In the For Indexer list, click the Edit button that corresponds to the 
indexer you want to edit. 


3 Select which discussion groups you want to index. 
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4 If you select Specified Discussion Groups or All But Specified 
Discussion Groups, in the Discussion Groups field, type the names of the 
discussion groups. 


5 Click OK. 


Removing an Indexer 


When you remove an indexer 
+ All configuration files for the indexer are removed 
+ No more articles are indexed for this particular indexer 
¢ Existing articles remain in the index until they expire 


1 From the General Administration page, click the News Server server 
name button > Discussion Groups > Full Text Indexing. 


2 In the For Indexer list, click the Remove button that corresponds to the 
indexer that you want to remove. 


Removing a Discussion Group 
1 From the General Administration page, click the News Server server 
name button > Discussion Groups > Manage Discussion Groups > OK. 
2 Select the discussion group. 
3 Click Remove. 
Click Remove Group on Local Servers Only 
or 


Click Remove Group on All Internal Connected Servers. 


If you have configured the News Server to notify you about rmgroup control 
articles in the Configure Replication Host form (from the News Server 
interface, click Discussion Replication > Configure Replication Host), you 
will receive one notification control message for the removed discussion 
group and its lower-level discussion groups. 


If the discussion group is removed from your local server and not a replication 
host, you will still receive an e-mail notification. 
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Managing Replication 


This section describes how your NetWare® News Server can replicate, or 
share and exchange articles and discussion groups, with other news servers. 
Before you configure your News Server for replication, refer to “Plan Your 
Replication Sites” on page 14. 


Understanding Replication 


Discussion group replication is the process of exchanging and transferring 
articles and discussion groups between servers. Your server can send to any 
remote server, and any remote server can send to your server. To accept 
incoming discussion groups, each server must be configured to do so. Thus 
replication is a two-way exchange of discussion groups coordinated by the 
server administrators. 


The following illustration shows an example of replication. 
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Discussion group replication does the following: 
¢ Expands the number of discussion groups available to your server 


¢ Lets you post your discussion groups to Usenet so that your users can 
participate in the global news server community 


For more information on Usenet, refer to “About Usenet” on page 71. 


+ Allows for fast response and high availability because discussion groups 
can be kept on several machines that send the discussion group articles to 
each other. 


For example, you could have servers in several different buildings that 
share discussion groups. 


Replication Relationships Between Servers 


There are two types of replication relationships between servers: 
+ As peers 


¢ As master and synchronized replica 


Replication as Peers 


As peers, both servers can spool posted articles and send and receive 
replication feeds to and from one another and other servers. You can, 
however, receive discussion groups from a server and not send discussion 
groups to that server. You just need to specify which outgoing discussion 
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groups to send to other servers in the Configure Replication Host form (from 
the News Server interface, click Discussion Replication > Configure 
Replication Host). 


You cannot control which incoming discussion groups your server receives. 
You do control, however, which discussion groups your server supports. If 
your server does not support the discussion group sent by the other server, all 
the articles in the discussion group are rejected by your server. You use control 
articles to accept or reject incoming discussion groups. For more information 
about control articles, refer to “Understanding Control Articles” on page 77. 


To host the same discussion groups on your server that are being sent by 
another server, you should obtain the server’s ACTIVE file and import the 
desired discussion groups into your server’s ACTIVE file. 


Replication as Master and Synchronized Replica 


About Usenet 


As master and synchronized replica, one server is designated as master server, 
and one or more servers are designated as synchronized replicas of the master 
server. 


Only the master server can spool posted articles and can send and receive 
replication feeds to and from other servers. 


The synchronized replica 


+ Maintains the same discussion groups, articles, and article numbering as 
its master server. 


+ Accepts replication feeds only from its master server. 
+ Cannot send replication feeds to other servers. 


+ Cannot spool articles posted to it, but must forward all posted articles to 
its master server for spooling. 


The master server then sends the articles to its synchronized replicas. 


Master and synchronized replication is a way to help balance the load of your 
news servers. This setup allows users to maintain the same seen/unseen state 
for articles, regardless of which synchronized replica they use. 


If you want to receive global discussion groups, you will want to receive the 
Usenet feed. Usenet is the public collection of newsgroups. These newsgroups 
are sent around the world, and their articles are stored on many servers. Not 
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all news servers receive a full news feed, that is, they don’t give you access to 
all Usenet newsgroups because the server administrator has not configured the 
server to receive a full news feed. 


If you’ re new to the Internet or Usenet newsgroups, you might want to buy a 
book that lists and describes all the Usenet newsgroups. (The list is very long.) 
Or you can subscribe to one of the newsgroups that publishes lists, such as 
news.announce.newgroups and news.announce.newusers. 


Usenet addresses look similar to Internet addresses, but the most general 
category appears first instead of last. For example, rec.pets.cats is about cats, 
but the general category is about recreation. 


Usenet newsgroups are organized into the following groups: 
¢ The alt (alternative) group contains less formal topics. 
+ The comp (computer) group contains topics about computers. 
+ The misc (miscellaneous) group contains various topics. 
+ The news groups contains topics about newsgroups. 


+ The rec (recreational) group contains topics about arts, hobbies, sports, 
and so on. 


¢ The sci (science) group contains topics on biology, chemistry, physics, 
and math. 


¢ The soc (social) group contains topics on social issues. 


¢ The talk group contains topics that are hotly debated, such as politics and 
religion. 


Access Control, Security, and Replication 


Access Control 


If you set up discussion group replication, you need to understand certain 
access control and security issues. 


If your News Server sends discussion groups to external or internal sites that 
use another method of access control, you cannot control access to the 
discussion groups residing on the remote server. If you are concerned about 
access control for the discussion groups you are sending, make certain that 
you trust the remote site. 
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Security 
Incoming Discussion Groups 


To receive encrypted data or to replicate discussion groups with remote 
servers that have encryption enabled, the server must have a valid certificate 
and must have encryption enabled. When you replicate discussion groups with 
a remote server that has encryption enabled, all data between the two servers 
is encrypted. Keep in mind, however, that after the articles have transferred to 
the other server, the articles are only as secure as the remote server. 


Outgoing Discussion Groups 


The News Server can send encrypted or unencrypted data whether running 
with encryption enabled or not. Additionally, the server can send encrypted 
private discussion groups and unencrypted public discussion groups. The 
receiving server determines whether the transmission should be encrypted. 
You configure the server to use the receiving server’s port number and SSL 
setting for transmissions. 


News Server can send to a port number other than the one it listens to. This 

feature, however, does not guarantee that you can receive discussion groups 
from the remote server. To send to your server, the remote server must have 
the ability to send to a port number other than the one to which it listens and 
must be configured to send to your server’s port number. 


Creating a Replication Host 


1 From the General Administration page, click the News Server server 
name button > Discussion Replication > Configure Replication Host. 


2 In the Remote Server Hostname field, type the name of the host your 
server will exchange articles with. 


You can specify a hostname, such as SECNEWS.NOVELL.COM, or you 
can specify an IP address. If you have configured your News Server to not 
resolve hostnames into IP addresses, you must specify an IP address in the 
hostname field. 


3 Check the box if you want the host to be synchronized with a master host. 
Synchronized replica configuration cannot be changed. 


4 Check the box if you want the remote server to be treated as internal to 
your company. 
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If you treat the host as internal, you can create or remove discussion 
groups on it. Before you treat the host as internal, notify the remote server 
administrator. 


5 In Outgoing Settings, click the Send drop-down list > select which 
discussion groups to send. 


6 Ifyou select Specified Discussion Groups or All but Specified Discussion 
Groups, in the Discussion Groups Field, type the name of the discussion 
groups. 


You can specify patterns, such as ROYAL.” to send all discussion groups 
that start with royal. You can also use negation patterns, such as 

!* ANIMALS.* to specify not to send anything that has animals in its 
name. 


7 In Remote Server Port, select one of the following options: 


+ Use Port Number (Same as This Server): Select if the port of the 
receiving server is the same port number as your News Server. 


+ Use This Port: Select if you send to a remote server that listens to a 
different port number than your News Server. In the associated field, 
type the port number. 


You should always use port number 563 for servers with encryption 
enabled. 


8 In SSL Setting for Outgoing Connection, select one of the following 
options: 
+ Use SSL Setting of This Server: Select if the remote server has the 
same security settings as your News Server. 


If a remote server has a different setting, any attempted transmissions 
to that server will generate an error message in the replication log. 


+ Remote Server Uses SSL: Select if transmissions must be encrypted 
before they are sent to the remote server. 


+ Remote Server Does Not Use SSL: Select if transmissions must not 
be encrypted before they are sent to the remote server. 


9 In Incoming Settings for Control Articles, type the discussion groups for 
which you will accept newgroup control articles in the Accept Newgroup 
Control Articles for Groups field. 


If you want to accept newgroup control articles on all discussion groups, 
type an asterisk (*). 
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10 Click the When Newgroup Control Articles Arrive drop-down list > 
select how you want to handle the control articles.. 


If you select Make Log Entry, the articles will be logged in the server log. 


11 Inthe Accept Rmgroup Control Articles for Groups field, type the 
discussion groups for which you will accept rmgroup control articles. 


12 Click the When Rmgroup Control Articles Arrive drop-down list > select 
how you want to handle the control articles. 


If you select Make Log Entry, the articles will be logged in the server log. 
13 Click OK. 


Editing a Replication Host 


1 From the General Administration page, click the News Server server 
name button > Discussion Replication > View/Manage Replication 
Hosts. 


2 Click Edit under the replication host you want to modify. 
3 Modify the Configure Replication Host form. 


For information on how to use this form, refer to “Creating a Replication 
Host” on page 73. 


Configuring a Synchronized Replica 


1 From the General Administration page, click the News Server server 
name button > Discussion Replication > Set Master Host. 


2 Type the fully qualified name of the master server for which your server 
is to be a synchronized replica in the Master Host field. 


The Set Master Host form applies only to this News Server. If you want 
to configure this server to be the master host, you must access the News 
Server interface for each of the designated synchronized replicas and put 
this server’s name in the Master Host field. 


3 Click OK. 


If you do not type anything in the Master Host field, your NetWare News 
Server will not be a synchronized replica. 
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Creating the Default Replication Settings 


If you want to send the same outgoing discussion groups to all replication 
hosts, you can create a default replication setting that specifies those 
discussion groups. The default replication setting is to send no discussion 
groups. 


1 From the General Administration page, click the News Server server 
name button > Discussion Replication > Edit Default Replication 
Settings. 


2 Click the Send drop-down list. 
3 Select which discussion groups you want to send. 


4 If you select Specified Discussion Groups or All But Specified 
Discussion Groups, in the Discussion Groups field, type the name of the 
discussion groups. 


You can specify patterns, such as ROYAL.* to send all discussion groups 
that start with royal. You can also use negation patterns, such as 

!* ANIMALS.* to specify not to send anything that has animals in its 
name. 


5 Click OK. 


6 To apply the default replication settings to a replication host, when you 
configure your replication host, select Default Discussion Groups from 
the Send drop-down list on the Configure Replication Host form. 


Editing the Default Replication Settings 
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1 From the General Administration page, click the News Server server 
name button > Discussion Replication > View/Manage Replication 
Hosts. 


2 Under Default Replication Settings, click Edit. 
3 Modify the Edit Default Replication Settings form. 


For information on how to use this form, refer to “Creating the Default 
Replication Settings” on page 76. 
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Removing a Replication Host 


1 From the General Administration page, click the News Server server 
name button > Discussion Replication > View/Manage Replication 
Hosts. 


2 Click Remove under the replication host you want to remove. 


Resending Articles 


You might want to resend articles to replicate your spool to a replication host 
that has crashed or has somehow lost articles that you have previously sent to 
it. Resending articles can take a long time depending on the number of articles 
sent. 


1 From the General Administration page, click the News Server server 
name button > Discussion Replication > View/Manage Replication 
Hosts. 


2 In the For Host list, click the Resend that corresponds to the replication 
host you want to resend articles to. 


3 In the Resend to Host form, select one of the following options: 
+ Send All Available Articles 
+ Send Only Articles Less Than _ Days 


In the associated field, type the number of days. 


The Refeed will happen when specified in the Send Outgoing News drop- 
down list in the Technical Settings form (from the News Server interface, 
click Server Preferences > Technical Settings). 


Understanding Control Articles 


A News Server that sends discussion groups to another server communicates 
with the receiving server about when to create a discussion group, delete an 
outdated discussion group, cancel an article, and so on. This information is 
transmitted in articles that are called control articles. 


Control articles are sent just like other news articles and are stored in the 
control discussion group. The RFC 1036 defines the format for these articles. 
Control articles are sent with a control header or a subject header that starts 
with the characters CSMG. 
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Generally, control articles are sent automatically as the result of an 
administrative action you perform. For example, when you create a discussion 
group, anewgroup control article is sent to your server to create the discussion 
group. 


The following control articles are supported by the News Server. 





Newgroup Requests that the receiving 
server create a new discussion 
group 

Rmgroup Requests that the receiving 


server delete a discussion group 


Checkgroups Contains a list of the valid 
discussion groups within a 
specific discussion group 
hierarchy 


Sendsys Requests that a description of the 
receiving server's discussion 
group replication to other servers 
be mailed to the article’s reply 
address 


Version Requests that the name and 
version of the receiving server be 
mailed to the article’s reply 
address 





The rmgroup and newgroup control articles apply to a specific discussion 
group sent from a specific replication host. The other three control articles 
specify information about replications in general. 


Handling Control Articles 


You can specify how you want your News Server to handle control articles 
that it receives. It is possible to handle control articles differently from each 
remote host. 


If you want manual control over articles, you can specify that control articles 
be e-mailed to you for immediate appraisal on an individual basis. If you 
choose this option, you become a moderator for your News Server. For each 
control article you receive, you can decide whether you want to allow the 
action to be performed on your News Server. If you do not want the action to 
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be performed, you can ignore the request. If you want the action to be 
performed, you must save the article as a file, edit it, and post it via your NT 
console. For more information about moderating, refer to “Moderating a 
Discussion Group” on page 63. 


You can specify that control articles be entered into the server log so you can 
quickly review them in their entirety and choose whether to accept them or 
not. You can choose the logging option if you do not plan on changing the 
discussion groups and articles your News Server offers, but just want to be 
aware of what remote servers are sending you. 


If you do not want manual control over any action that can affect your News 
Server, you can specify that control articles should be handled automatically 
as they are received. In general, it is easier to administer replicated internal 

discussion groups if you allow control articles to be executed automatically. 


You can also specify that your News Server ignore control articles. For 
example, if you do not want discussion groups created on your server, you can 
specify to ignore newgroup control articles. 


To specify how to handle control articles: 


1 From the General Administration page, click the News Server server 
name button > Discussion Replication > Control Article Handling. 


2 Click the Checkgroups drop-down list > select how you want 
checkgroups to be handled. 


You specify the admin e-mail address in the Mail Notices to News 
Administrator form (from the News Server interface, click Reports > 
Mail Notices). 


3 Click the Sendsys drop-down list > select how you want sendsys to be 
handled. 


4 Click the Version drop-down list > select how you want version to be 
handled. 


5 Click OK. 


The handling of newgroup and rmgroup is specified in the Configure 
Replication Host form (from the News Server interface, click Discussion 
Replication > Configure Replication Host). 
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Securing the NetWare News Server 


NetWare® News Server uses the Novell Certificate Server 2.0 to transfer 
private data over TCP/IP networks. This section focuses on security as it 
specifically relates to the News Server. For more information about the Novell 
Certificate Server, refer to the Novell Certificate Server 2.0 Administration 
Guide. 


Understanding Basic Authentication 


Basic authentication requires the user to specify a username and password. 
The username and password are stored in the directory service. Any user with 
access to a valid username and password can access your discussion group 
from any machine that can access your discussion groups. 


If you want a more secure News Server, you should use the Novell Certificate 
Server to provide encryption. 


Understanding Certificate Authentication 


Over the Internet and intranets, identification takes the form of an 
authentication certificate, or simply, a certificate. News Server supports both 
server and user certificates. 


Server Certificates 


Server certificates are used by servers to authenticate to other servers or clients 
when exchanging encrypted information. A news server authenticates to a 
newsreader or to another news server that is connecting to send encrypted 
data. 


Securing the NetWare News Server 81 


When a newsreader connects to a news server, the server certificate identifies 
the news server to the newsreader. The newsreader is assured that it is 
connecting to the correct news server. 


When a news server connects to a remote news server to send encrypted data, 
the remote news server sends its certificate to the sending server to identify 
itself. After the remote news server successfully identifies itself, the sending 
server starts the encrypted transmissions. 


The following example provides a general overview of the behind-the-scenes 
server authentication process: 


1. A client (either a newsreader or another news server) sends a request to 
connect to a secure news server. 


2. The server sends its certificate and its public key to the client. 


3. The client checks whether the server certificate was issued by a 
Certificate Authority (CA) it trusts. 


If so, the client proceeds to the next step. If the client doesn’t trust the CA, 
it can cancel the connection or proceed without server authentication. If 
the client is another news server, it will cancel the connection. 


4. The client compares the information in the certificate with the 
information it just received concerning the server’s domain name and its 
public key. 


If the information matches, the client accepts the server’s certificate. 


5. The client generates a session key, a key to be used only for this 
transaction. The client encrypts the session key using the server’s public 
key. 


6. The client sends the encrypted session key to the server. 


7. The server receives the session key and decrypts it using the server’s 
private key. 


8. The client and the server use the session key to encrypt and decrypt the 
data they send and receive. 


User Certificates 


User certificates are used for newsreader authentication when a newsreader 
connects to the News Server. When a newsreader attempts to connect to the 
News Server, the server can request that the newsreader authenticate by 
sending a user certificate. 
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To transfer the user certificate, both the user and the server must be using 
Novell Certificate Server 2.0. 


User certificates provide more secure authentication than the basic username 
and password authentication. Only machines with a valid certificate signed by 
a CA that you trust can authenticate to your news server. 


The following example provides a general overview of the behind-the-scenes 
user authentication process: 


1. 
2. 


11. 


A newsreader sends a request to connect to your News Server. 


The server sends its server certificate and its public key to the newsreader. 


. After the server authenticates to the newsreader, the server requests that 


the newsreader authenticate by sending its user certificate. 


The newsreader sends a user certificate and its public key to the server. 


. The server uses the newsreader’s public key, which is included in the 


certificate, to verify that the owner of the certificate is the same one who 
signed the certificate. 


. The server checks whether the user certificate’s CA is one that the server 


trusts. 


If so, the server proceeds to the next step. Otherwise, the server informs 
the newsreader that the user certificate was issued by an unknown CA. 


. The server compares the information in the certificate with the 


information it just received about the newsreader. If all the information 
matches, the server accepts the newsreader as authenticated. 


The newsreader generates a session key and encrypts it using the server’s 
public key. 


. The newsreader sends the encrypted session key to the server. 


10. 


The server receives the session key and decrypts it using the server’s 
private key. 


The newsreader and the server use the session key to encrypt and decrypt 
the data they send and receive. 


If you require authentication by user certificates, be aware of the following: 


+ The newsreader must obtain a user certificate from Novell Certificate 


Server v2.0. 


+ The News Server must have encryption enabled. 
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Enabling Encryption 


You should enable encryption if 
+ You want to receive encrypted data. 


+ You want to replicate discussion groups with remote servers running in 
secure connection mode. 


+ You require user certificate authentication to your server. 


With encryption enabled, all communications between your server and SSL- 
enabled browsers are private and server-authenticated. 


The encryption setting affects your incoming connections only. If you enable 
encryption, your server will receive encrypted data only. Newsreaders without 
SSL support cannot connect to your News Server. 


Before using encryption, you must have a CA and Key Material Object 
(KMO) in NDS. If you accepted the default Novell Certificate Server 2.0 
settings during the NetWare 5.1 install, the CA and KMO were automatically 
created for you. If you did not accept the default settings, you must create a 
CA and KMO using client ConsoleOne™. For more information on creating 
these components, refer to ConsoleOne help. 


To enable NetWare News Server encryption: 


1 Enable encryption for the NetWare Web Manager in the Encryption On/ 
Off form (from the General Administration page, click Admin 
Preferences > Turn On/Off SSL). 


2 Down the NetWare Web Manager. 
3 Restart the NetWare Web Manager at the server console by typing 
nvxadmup 


4 From the General Administration page, click the News Server server 
name button > Encryption > Activate Connection Security. 


If you can't access the General Administration page, be sure that you have 
specified https in your address, for example, https://123.456.789. 


5 Select Encryption On. 
In the Port Number field, type a port number for incoming connections. 
The standard port number for secure servers is 563. 


7 Select an alias for the key pair file and certificate file. 
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The alias is the NDS™ object name you specified when creating the CA 
and KMO during the NetWare 5.1 install. 


8 Click OK. 
9 Down the News Server. 
10 Restart the News Server at the server console by typing 


nsnewup 


Managing an Encrypted News Server 


If you enable encryption on your News Server, you need to be aware of how 
encryption affects 


+ URL construction 
¢ Article storage 
¢ Replication with other news servers 
URL Construction 
Normally, you access news server with the following URL: 
news://servername/discussiongroup 
To access a secure news server, use the following URL: 
snews://servername/discussiongroup 


To access a secure news server with security temporarily disabled, use the 
following URL: 


news://servername:563 
Article Storage 


With a secure news server, connections and transmissions are secure. After the 
article reaches its destination, however, it is only as secure as the machine on 
which it is stored. 


Replication with Other News Servers 


If you have already set up replication and now want to receive encrypted 
replication feeds, you need to modify the Configure Replication Host form. 
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1 From the General Administration page, click the News Server server 
name button > Discussion Replicaton > Configure Replication Host. 


2 Under Remote Server Port, select Use This Port. In the associated field, 
type the port number you specified in the Encryption On/Off form (from 
the News Server interface, click Encryption > Activate Connection 
Security). 


3 Under SSL Setting for Outgoing Connection, select Remote Server Uses 
SSL. 


4 Click OK. 


If you have encryption enabled on your News Server, you can still send to a 
News Server that does not have encryption enabled. For more information 
about replication, refer to Chapter 7, “Managing Replication,” on page 69. 


You cannot specify that certain discussion groups be secure and others not be 
secure. (This release does not support multiple instances of the News Server.) 
Because Usenet newsfeeds run nonsecure server software, you cannot receive 
Usenet newsfeeds if your server has encryption enabled. 


Disabling Encryption 


1 From the General Administration page, click the News Server server 
name button > Encryption > Activate Connection Security. 


2 Select Encryption Off. 
3 Click OK. 
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Maintaining the News Server 


This section describes the steps you need to take to ensure that the News 
Server runs efficiently and properly. 


Understanding Article Expiration 


NetWare® News Server stores discussion group articles in the local spool 
directory. You determine how long you want to store articles on disk. How 
long you store articles in a discussion group depends on the following factors: 


+ Your disk capacity: How much disk space you have determines how 
many articles you can store at a given moment. 


+ The number of articles posted to a discussion group: If the number of 
articles posted daily to a particular discussion group is very large, you 
might need to frequently expire articles in the discussion group. 


+ The content of articles: If the content of the discussion group is critical to 
your organization, you might never expire articles in the discussion 
group. If the content is not particularly critical, you might want to expire 
the articles of the discussion group frequently. 


When you no longer want to store an article, News Server uses the Expire 
program to remove the article. The Expire program purges articles from your 
spool and purges references from the HISTORY file as indicated by your 
configuration settings. When the News Server performs its daily maintenance 
tasks, it checks the expiration policies and expires articles accordingly. 


You might want to run Expire if you are running out of disk space, or you have 
modified your expiration policies and you want to immediately run Expire 
according to the new policies. 
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You can specify a default expiration policy for all discussion groups, or you 
can specify a custom expiration policy for a specific discussion group. 


Editing the Default Expiration Policy 


The following is the default expiration policy for articles: 


+ 


+ 


+ 


Obey expiration headers of articles 


Expiration headers are headers that say when to expire the message. The 
expiration header is determined by the client who posts the message. 


Keep articles without expiration headers for 10 days 
Keep articles in the HISTORY file for 14 days 


For more information about the HISTORY file, refer to “Recovering the 
HISTORY File” on page 94. 


The default expiration policy covers all discussion groups that are not covered 
by a custom policy. You can edit the default policy and specify your own 
values. 


To edit the default expiration policy: 


1 


2 


From the General Administration page, click the News Server server 
name button > Expiration > View/Manage Expiration Policies. 


Under Default Expiration Policy, click Edit. 


From the Edit Default Expiration Policy form, type the number of days 
you want articles to remain in the HISTORY file. 


The Remember HISTORY field should be equal to or higher than the 

longest expiration setting. The Remember HISTORY field tells the server 
how long to keep the message ID in the HISTORY file, regardless of how 
long the article actually remains in the spool. For more information about 
the HISTORY file, refer to “Recovering the HISTORY File” on page 94. 


To determine how long you want to keep articles on disk, select one of 
the following options: 


¢ Obey Expiration Headers: Obeys any expiration headers that the 
client sends when posting a message. In the associated field, type the 
number of days to keep articles without expiration headers. 


Do not specify this option if you want to maintain control over the 
expiration policy of all articles stored in your spool. 
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¢ Override Expiration Headers: Overrides any expiration headers that 
the client sends when posting a message. In the associated fields, 
type the minimum and maximum number of days to keep all articles. 


+ Never Expire Articles: Never expires articles. Select this option only 
if you are sure you have the disk capacity required for the discussion 
groups you want to support. 


5 Click OK. 


Creating a Custom Expiration Policy 


When you create a custom expiration policy for a discussion group, you 
override the default expiration policy for that discussion group. 


1 From the General Administration page, click the News Server server 
name button > Expiration > Create a Custom Expiration Policy. 


2 Click the For drop-down list > select the discussion group criteria for 
which you want to specify the expiration policy. 


3 In the Discussion Groups Matching field, type the discussion group name 
or pattern that you want to create the policy for. 


4 To determine how long you want to keep the articles from the specified 
discussion group on disk, select one of the following options: 


+ Obey Expiration Headers: Obeys any expiration headers that the 
client sends when posting a message. In the associated field, type the 
number of days to keep articles without expiration headers. 


Do not specify this option if you want to maintain control over the 
expiration policy of all articles stored in your spool. 


¢ Override Expiration Headers: Overrides any expiration headers that 
the client sends when posting a message. In the associated fields, 
type the minimum and maximum number of days to keep all articles. 


+ Never Expire Articles: Never expires articles. Select this option only 
if you are sure you have the disk capacity required for the discussion 
groups you want to support. 


5 Click OK. 


Maintaining the News Server 89 


Modifying a Custom Expiration Policy 


1 From the General Administration page, click the News Server server 
name button > Expiration > View/Manage Expiration Policies. 


2 Under Custom Expiration Policies, click Edit under the policy you want 
to modify. 


3 In the Custom Expiration Policy form, click the For drop-down list > 
select the discussion group criteria for which you want to specify the 
expiration policy. 


4 In the Discussion Groups Matching field, type the discussion group name 
or pattern that you want to create the policy for. 


5 To determine how long you want to keep the articles from the specified 
discussion group on disk, select one of the following options: 


+ Obey Expiration Headers: Obeys any expiration headers that the 
client sends when posting a message. In the associated field, type the 
number of days to keep articles without expiration headers. 


Do not specify this option if you want to maintain control over the 
expiration policy of all articles stored in your spool. 


¢ Override Expiration Headers: Overrides any expiration headers that 
the client sends when posting a message. In the associated fields, 
type the minimum and maximum number of days to keep all articles. 


+ Never Expire Articles: Never expires articles. Select this option only 
if you are sure you have the disk capacity required for the discussion 
groups you want to support. 


6 Click OK. 


Removing a Custom Expiration Policy 


1 From the General Administration page, click the News Server server 
name button > Expiration > View/Manage Expiration Policies. 


2 Under Custom Expiration Policies, click Remove under the custom 
expiration policy you want to remove. 
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Performing Recovery Tasks 


Under normal circumstances, the news.daily program performs the daily 
maintenance tasks for the News Server. There might be times, however, when 
you need to take recovery steps. For example, if the HISTORY file becomes 
corrupted, the Expire program will not remove articles that it should. 


To execute a recovery task: 


1 From the General Administration page, click the News Server server 
name button > Advanced Tasks > Recovery. 


2 Click the Do It that corresponds to 


the task you want to perform. 


Some recovery tasks can be performed at any time. Other tasks can be 
performed only while the server is up or only while the server is down. The 
following table shows what state the server must be in to perform the recovery 
tasks. Additional information about each task are in the subsections that 


follow. 





Recovery Task When Necessary 


Necessary Status of Server 





Releasing the throttled server. 
(This task must be completed 
from the Start/Stop the Server 
form.) 


The server has paused and is 
longer accepting connections. 


You want to force the 
server to perform all of its 
maintenance tasks 
immediately. 


Running news.daily 


You need to expire 
articles. 

Running expire You are running out of disk 
space. 


You have modified the 
expiration policies and 
want to run expire 
according to the new 
policies. 





no Down 


Up or down 


Up or down 
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Recovery Task 


When Necessary 


Necessary Status of Server 





Renumbering the ACTIVE file 


Remaking the ACTIVE file 


Rebuilding the HISTORY indexes 


Updating the HISTORY file 


Remaking the HISTORY file 


Remaking the search indexes 


Updating the overview files 


Rebuilding the overview files 





+ Your server is 
unexpectedly throttling 
with errors when writing or 
linking articles. 


+ You think the ACTIVE file 
might be corrupt. 


If you renumbered the ACTIVE 
file and are still having problems. 


+ You notice performance 
problems. 


+ You think the HISTORY 
file might be corrupt. 


+ You notice performance 
problems. 


+ You rebuilt the HISTORY 
indexes and are still having 
problems. 


You rebuilt the HISTORY indexes 
and updated the HISTORY files 
and are still having problems. 


+ You are experiencing 
performance problems. 


+ You want to index existing 
articles in a discussion 
group that was previously 
excluded from indexing. 


You want to make sure all articles 
in discussion groups are up-to- 
date. 


You think the messages are 
corrupted. For example, you 
double-click on a message and 
nothing comes up. 
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Up 


Down 


Down 


Up 


Down 


Down 


Down 


Down 


Releasing the Throttled Server 
The Release the Throttled Server button only appears on the Start/Stop the 


Server form if the server has paused. 


1 From the General Administration page, click the News Server server 
name button > Server Preferences > Start/Stop the Server. 


2 Under News Server Status, verify that your server is accepting the 
connections you have specified. 


3 If the server has paused, check the errlog to determine the cause. 
The errlog is in NOVONYX\SUITESPOT\NEWS-SERVERNAME. 

4 From the Start/Stop the Server form, click Release the Throttled Server 
after the problem has been identified and fixed. 


Running News.daily 


News.daily is the Collabra Server program that performs the daily 
maintenance tasks and writes the maintenance information to a set of log files. 
News.daily periodically expires articles, maintains the ACTIVE and 
HISTORY files, rotates the log files to purge old files, and sends discussion 
groups to other news servers. 


If running news.daily takes a long time, you can run the program from outside 
the Collabra Server browser interface. At the server console, type 


Load sys:novonyx/suitespot/bin/news/bin/newsdly.nlm 
sys :novonyx/suitespot/news-servername/config/ 
nsnews.conf 


Running Expire 


The Expire program purges articles from your spool and purges references 
from the HISTORY file as indicated by your configuration settings. 


Recovering the ACTIVE File 


The ACTIVE file contains a list of all the discussion groups stored on your 
server. For each discussion group, the low and high articles numbers and a flag 
indicating the type of group are included. The server is sensitive to the exact 
format of this file. 


Renumbering the ACTIVE file will renumber the list of discussion groups 
stored on your server. 
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Remaking the ACTIVE file rebuilds the ACTIVE file based on the contents 
of your spool directory. Remaking the ACTIVE file can take some time if you 
are supporting a lot of discussion groups. If you have a full UseNet feed, 
obtain a copy of the ACTIVE file from your news provider and then renumber 
that ACTIVE file. 


If you remake the ACTIVE file, most special flag settings will be lost. For 
example, flag settings indicating moderated discussion groups and discussion 
groups that can’t be posted to locally will be reset to the default settings. 


Recovering the HISTORY File 


The HISTORY file contains a list of the articles your server has stored and 
possibly expired. The HISTORY file prevents your server from accepting 
articles it has already accepted. 


The HISTORY file includes information about the creation time of the article, 
the message ID, and the location of the article in the spool. (Message IDs are 
generated using the creation time in seconds since January 1970, appended to 
the process identification and the hostname for the computer that created the 
article.) The News Server adds a line for each article it posts to the spool. 


Articles might be sent to your News Server from several other news servers. 
Consequently, some articles might be sent more than once. In addition, 
articles might be delayed several days in their various paths to your News 
Server. By referencing the HISTORY file, your News Server can decline 
articles that it has already stored. 


For example, you might have an article stored for one week, and then a week 
later a replication site wants to send the same article to your server. News 
Server compares the article message ID with the list of message IDs in the 
HISTORY file. If your News Server has already received the file, it rejects the 
file from the replication site. 


You specify the number of days that the HISTORY file will remember an 
article that it receives. Seven to fourteen days is recommended. If you set the 
HISTORY file to remember fewer days, your HISTORY file will be smaller, 
but the likelihood of getting duplicate articles increases. After the number of 
days specified, the server will purge old lines from the HISTORY file during 
the expiration process. 


Rebuilding the HISTORY indexes rebuilds the HISTORY.DIR and 
HISTORY.PAG files from the HISTORY file. 
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Updating the HISTORY file opens every article to rebuild the HISTORY 
index. 


Remaking the HISTORY file rebuilds the HISTORY file. 


Recovering the Overview Files 


Recovering the overview files recovers the list of messages in each discussion 
group. 


Remaking the Search Indexes 


Remaking the search indexes rebuilds the search indexes. 


Cancelling Articles 


You might want to cancel an article if its content is not appropriate. 


1 From the General Administration page, click the News Server server 
name button > Advanced Tasks > Cancel Articles. 


2 Type the ID of the message that you want to cancel, for example, 
<330BC222.6A9A @ROYAL.COM>. 


To determine the message ID, select the message header. In your 
newsreader, click the View menu. In the Headers section, select All. The 
message ID will appear in the message header. 


3 Click OK. 
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d 0 Troubleshooting the News Server 


This section includes information on troubleshooting problems with the 
NetWare® News Server. 


Why can’t I connect to the directory server? 


Cause 


The user ID or password you specified is incorrect. 


Solution 


If you are using the local directory service, you can check the user ID and 
specify a password from the General Administration page by clicking Users 
& Groups > select the user. 


If you are using an LDAP server, you might need to contact the directory 
server administrator and ask for the correct user ID and password. 


Which NSNEWS.CONF file do | modify? 


Cause 
There are tw NSNEWS.COMF files. 
Solution 


The NSNEWS.COMF file in 
\NOVONYX\SUITESPOT\BIN\NEWS\INSTALL\COMFIG is only used 
when installing. The nsnews.conf file you should modify is found in 
\NOVONYX\SUITESPOT\NEWS-SERVERNAME\CONFIG. 
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Why can't | view the daily report? 


Cause 


A temp file cannot be opened. 


Solution 


Verify that news.daily is done running. If news.daily is still running, wait for 
it to finish. If you still cannot see the report, delete the temp file 
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